Re: Slave zone intermittently not refreshing
Hi Doug, Doug Barton writes: > On 05/08/2014 05:53 AM, Mart van de Wege wrote: > >> I have a couple, all of them 'retry limit for master $foo exceeded'. >> >> Only 2 hits for the master that's giving trouble though, and none of >> those around the time we had trouble. > > If you're seeing any of these errors the problem is worse than you > think. Thankfully the errors I do have are known due to those masters having connectivity issues. > Also, you haven't mentioned anything about the logs on the > master. On the master for the domain that's intermittenly not refreshing I can't say a thing, as that is owned by our customer, and they haven't passed me any logs yet. > Are you seeing any errors about the number of simultaneous > transfers exceeded? IME if things work on the command line but the > servers are not performing as expected this is usually the > culprit. Also IME the default limits for simultaneous transfers and > SOA queries are quite conservative. On a busy master I usually at > least double them. You'll want to watch performance on the master to > make sure it's not actually getting swamped of course. > I see no errors about the number of transfers. The master is running on a rather healthily dimensioned VM, so if necessary I could increase the default limits, but that should not be necessary if I don't get any errors, correct? Overall the master is performing fine as master for its slave domains, and aside from 2 domains with known connectivity issues and this particular domain is also running just fine as a slave for the couple dozen slave domains hosted on it. The only difference I *can* see is that this particular slave zone occasionally gets a lot of updates in a single day, which is when this problem seems to be triggered. Regards, Mart ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Exiting due fatal error, no named.conf found.
Mimiko wrote: > May 11 09:56:14 srv58 named[28172]: loading configuration from > '/opt/bind9/etc/named.conf' > May 11 09:56:14 srv58 named[28172]: open: /opt/bind9/etc/named.conf: file not > found > I've put bind in /srv/bind9. Also I use chrooting. If you are chrooting then all the paths compiled in to named, and the in the command line options, and in the configuration files, are interpreted relative to the chroot. You need to ensure that all your configuration files are inside the chroot. This: > ln -s /srv/bind9/chroot/etc /opt/bind9/etc creates a symlink outside your chroot pointing in to it, so it won't help named to find its files - though it might help you to find them :-) Tony. -- f.anthony.n.finchhttp://dotat.at/ German Bight: Northwest 4 or 5, occasionally 6. Slight or moderate. Showers. Moderate or good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: No logging after logfile turned over. v9.10
James Brown wrote: > > Any suggestions as to how to make the logging continue after the rollover? Either: (1) configure newsyslog to HUP named after rolling the logs, by telling it the path to named.pid (2) configure named to use syslog (3) configure named to roll its log files itself (which it does based on size rather than time) Tony. -- f.anthony.n.finchhttp://dotat.at/ Humber: North or northwest 3 or 4, occasionally 5 at first. Slight or moderate, but rough in east at first. Showers. Good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Slave zone intermittently not refreshing
Mart van de Wege wrote: > > The only difference I *can* see is that this particular slave zone > occasionally gets a lot of updates in a single day, which is when this > problem seems to be triggered. Is there an MTU problem between your slave and the master? Or a problem with fragmented UDP? I wonder if something is screwing up large IXFR packets, causing your slave to get stuck - that might explain the timeout messages in the log. It is a bit difficult to properly test IXFR because dig will only do it over TCP (it ignores the +notcp option for AXFR and IXFR). And you can't force named to use TCP for IXFR, so getting named and dig to behave the same is tricky... You could try setting "request-ixfr no;" to see if AXFR (over TCP) works better. Tony. -- f.anthony.n.finchhttp://dotat.at/ Shannon: Northwest 5 to 7, decreasing 4 or 5. Rough. Showers, squally at first. Good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Slave zone intermittently not refreshing
On Mon, 12 May 2014 12:08:09 +0100 Tony Finch wrote: > Mart van de Wege wrote: > > > > The only difference I *can* see is that this particular slave zone > > occasionally gets a lot of updates in a single day, which is when this > > problem seems to be triggered. > > Is there an MTU problem between your slave and the master? Or a problem > with fragmented UDP? Not that I know of, but that bears investigating. I will keep a tcpdump running along just to check. > You could try setting "request-ixfr no;" to see if AXFR (over TCP) works > better. > Good idea. I'm still waiting for a recurrence, so this thread may go quiescent for a bit. Regards, Mart ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Point domain name of my zone to name in somebody else's zone?
Hehit's definitely Monday, today. > Could we please have the following DNS updates made? > > CNAME: .ksu.edu -> web..ksu.edu > CNAME: www..ksu.edu -> web..ksu.edu > > We have migrated our public web site to a new server. Thanks! > > - .. > > Chief Technology Officer Sure... dnssec-signzone: error: dns_master_load: oeie.ksu.edu:16: oeie.ksu.edu: CNAME and other data dnssec-signzone: fatal: failed loading zone from 'ksu.edu': CNAME and other data *** Error code 1 heh -- Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator For: Enterprise Server Technologies (EST) -- & SafeZone Ally ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Slave zone intermittently not refreshing
In message , Tony Finch writes: > Mart van de Wege wrote: > > > > The only difference I *can* see is that this particular slave zone > > occasionally gets a lot of updates in a single day, which is when this > > problem seems to be triggered. > > Is there an MTU problem between your slave and the master? Or a problem > with fragmented UDP? I wonder if something is screwing up large IXFR > packets, causing your slave to get stuck - that might explain the > timeout messages in the log. > > It is a bit difficult to properly test IXFR because dig will only do it > over TCP (it ignores the +notcp option for AXFR and IXFR). And you can't > force named to use TCP for IXFR, so getting named and dig to behave the > same is tricky... 2275. [func] Add support to dig to perform IXFR queries over UDP. [RT #17235] DiG has supported ixfr over udp since 2007. It just defaults to TCP. you have to disable TCP after specifying ixfr. e.g. dig ixfr=2007111878 dv.isc.org +notcp > You could try setting "request-ixfr no;" to see if AXFR (over TCP) works > better. > > Tony. > -- > f.anthony.n.finchhttp://dotat.at/ > Shannon: Northwest 5 to 7, decreasing 4 or 5. Rough. Showers, squally at > first. Good. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Point domain name of my zone to name in somebody else's zone?
On 2014-05-12 12:29, Lawrence K. Chen, P.Eng. wrote: Hehit's definitely Monday, today. Could we please have the following DNS updates made? CNAME: .ksu.edu -> web..ksu.edu CNAME: www..ksu.edu -> web..ksu.edu We have migrated our public web site to a new server. Thanks! - .. Chief Technology Officer Sure... dnssec-signzone: error: dns_master_load: oeie.ksu.edu:16: oeie.ksu.edu: CNAME and other data dnssec-signzone: fatal: failed loading zone from 'ksu.edu': CNAME and other data *** Error code 1 heh IT is basically figuring out how to phrase your three wishes to an evil genie. "CNAME the apex? As you wish, master... mwahahaha!" -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
